IEEE Security & Privacy, vol. 9, no. 4, July-Aug. 2011, pp. 80-84
John Diamant, Hewlett-Packard
ABSTRACT
The software industry would be better off with more emphasis on early-lifecycle security—avoiding security mistakes in the first place. That means security requirements analysis and architecting or designing security in, an approach that's rare but that provides substantial benefits.
INDEX TERMS
software development, HP Comprehensive Applications Threat Analysis, W. Edwards Deming, security vulnerabilities, dynamic application security testing, static application security testing, security requirements gap analysis, architectural threat analysis, security quality, zero day, 0-day, security and privacy
CITATION
John Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing Vulnerabilities", IEEE Security & Privacy, vol.9, no. 4, pp. 80-84, July-Aug. 2011, doi:10.1109/MSP.2011.88